A new standard comes into force this month that will affect all businesses that accept credit cards. The deadline for Payment Card Industry Data Security Standards (PCI DSS) falls on 30 June. Experts warn that some businesses will not be ready for the regulations, while others may have overlooked specific issues.
"There are certainly lessons that can be learned following the US adoption of PCI regulations, many businesses were not well prepared at all," said John Pescatori, vice-president at Gartner. "There will be different key issues in the UK, however. For example, although European companies generally have better database security, standalone card readers in retail environments will cause problems. These are difficult to patch, and some can store card details in breach of the standard."
In theory, any company failing to meet the standard by the due date will be subject to fines of up to £250,000 per incident, and face having their ability to process card payments withdrawn. But experts predict that penalties are likely to be applied less harshly. "Banks will be looking for companies to have a plan in place," said Ian White, EMEA compliance practice leader at Cybertrust. "The vast majority of businesses are taking steps towards compliance, but not all. I don't think that the potential fine is the reason for this action, though, it's the risk of losing customer confidence."
The PCI guidelines were agreed upon by Visa, MasterCard, Discover, American Express, and JCB. Previously, each card brand had its own set of requirements.